Compare commits

2 Commits

@ -1,6 +1,8 @@
---
title: Essential software on my systems
excerpt: This is just a quick personal reference so I don't have to guess.
title: Essential software and configuration on my systems
excerpt:
This is just a quick personal reference so I don't have to guess and notice
that I forgot something important.
layout: mini
permalink: /n/essentialsoftware.html
sitemap: true
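Review bot: The new `excerpt` wording is ambiguous where it says "so I don't have to guess and notice that I forgot something important", because the negation reads as covering both verbs or only the first. Something like "so I don't have to guess, or notice later that I forgot something important" says what is meant, and since the value is rendered inline through `_{{ page.excerpt }}_` it is worth keeping it to one clear sentence.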
@ -21,13 +23,23 @@ _{{ page.excerpt }}_
- [Security](#security)
- [Usability](#usability)
- [Offtopic system configuration](#offtopic-system-configuration)
- [Debian-based](#debian-based)
- [Terminus on Fedora](#terminus-on-fedora)
- [Essential system configuration](#essential-system-configuration)
- [Debian console](#debian-console)
- [Terminus on Fedora](#terminus-on-fedora)
- [Terminus on Arch Linux](#terminus-on-arch-linux)
- [Accessing UEFI setup without key smashing](#accessing-uefi-setup-without-key-smashing)
- [SSD](#ssd)
- [BTRFS](#btrfs)
- [Swap](#swap)
- [sudo](#sudo)
- [Debian](#debian)
- [sources.list](#sourceslist)
- [`/etc/apt/preferences.d/whatever`](#etcaptpreferencesdwhatever)
- [sshd](#sshd)
- [Encrypted DNS](#encrypted-dns)
- [`/etc/xdg/autostart`](#etcxdgautostart)
- [`aminda-*.{service,socket]`](#aminda-servicesocket)
- [Remember!](#remember)
- [Accessing UEFI setup without key smashing](#accessing-uefi-setup-without-key-smashing)
<!-- END doctoc generated TOC please keep comment here to allow auto update -->
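Review bot: The new TOC entry `aminda-*.{service,socket]` opens with `{` and closes with `]`, and the same mismatch is in its anchor text. This block is doctoc output, so the fix belongs in the heading it is generated from (`{service,socket}`), followed by regenerating the TOC rather than editing the entry by hand.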
@ -68,7 +80,7 @@ _{{ page.excerpt }}_
## Usability
- `nvim git tmux zsh` - good luck without these
- `nvim git tmux zsh mosh` - good luck without these
- <del>if cryptographic operations are taking ages, consider something like
`haveged`. It's controversial, so if there are no issues, don't install a
random number generator.</del>
@ -78,6 +90,7 @@ _{{ page.excerpt }}_
- remember to `sudo systemctl enable --now earlyoom`
- `systemd-oomd`
- remember to `sudo systemctl enable --now systemd-oomd`
- https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/systemd/oomd.conf.d
- `zram-tools` - small compressed swap in RAM
- Remember to check configs! Fedora: `/etc/zram.conf`
- `sudo systemctl enable --now zramswap.service zram-swap.service`
@ -90,19 +103,20 @@ _{{ page.excerpt }}_
- `sudo tlp-stat | less`
- `sudo systemctl enable --now tlp`
## Offtopic system configuration
## Essential system configuration
This is just too close to not mention here (and was besides in my planning
issue):
Since software being present and doing nothing may not actually do anything.
### Debian-based
### Debian console
- `sudo dpkg-reconfigure console-setup`
- ensure UTF-8 and select Terminus
- `sudo dpkg-reconfigure keyboard-configuration`
- compose key
#### Terminus on Fedora
### Terminus on Fedora
<!-- Don't move this, as it's the same as Debian above -->
After installing the package, adjust `/etc/vconsole.conf` e.g.:
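Review bot: The new intro under `## Essential system configuration`, "Since software being present and doing nothing may not actually do anything.", is a subordinate clause with no main clause, and it is circular as written. Consider a full sentence such as "Installed software does nothing useful until it is enabled and configured.", which also explains why the section was renamed from "Offtopic" to "Essential".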
@ -115,27 +129,10 @@ Maybe `sudo updatedb` and `locate ter-v16v` at first though?
#### Terminus on Arch Linux
<!-- Don't move this, as it's the same as Debian and Fedora above -->
See Fedora, but change the `FONT` to `"ter-132b"` instead.
### Accessing UEFI setup without key smashing
- systemd: there is a `systemctl reboot --firmware-setup`
([spotted here](https://toot.io/@ProfessorCode@fosstodon.org/113009727720521254))
- Plasma: in `systemsettings` section `desktop session` there is a checkbox to
_after next boot, enter UEFI settings_ (via
[reply to that](https://sauna.social/@justin@toot.io/113011195378808998))
- Windows allows access to UEFI by pressing Shift while reboot
([said here](https://sauna.social/@halva@wetdry.world/113011439141055477)) or
simply `shutdown -r -t 1 -fw` twice
([said here](https://infosec.exchange/@jernej__s/113012094181641667)).
- GNOME: in the reboot after 60 seconds menu, hold alt to get into boot options
([said here](https://chaos.social/@keywan/113012020348714057))
- In boot loader the command `fwsetup` should take you there
([said here](https://fedi.absturztau.be/notice/AlGqYz5GeJOQw9dfNo)). And
anyone using either grub or systemd-bootd has probably seen the menu entry.
- efibootmgr: `efibootmgr —bootnext 0000 && reboot`
([said or implied here](https://infosec.exchange/@dodgybadger/113012265751917509))
### SSD
- `sudo systemctl enable --now fstrim.timer`
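Review bot: `#### Terminus on Arch Linux` stays at level 4 as an unchanged context line, while the sibling Fedora heading was promoted from `####` to `###` in the previous hunk, so Arch now nests under Fedora instead of sitting beside it. If that is not intended, promote it to `###` as well and regenerate the TOC; the "Don't move this" comment suggests the three console sections are meant to be peers.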
@ -158,3 +155,133 @@ See Fedora, but change the `FONT` to `"ter-132b"` instead.
- Test on Lumina: 20G free -> 24G free.
- The compression will happen either the next time the file is written or can
be manually triggered through `sudo btrfs filesystem defragment -r "$PWD"`
- For swapfiles on btrfs partition, e.g.
`btrfs filesystem mkswapfile --size 8G /swap`
### Swap
Zramswap is not enough. 8 GB everywhere may be enough,
[summarizing Gentoo](https://wiki.gentoo.org/wiki/Handbook:AMD64/Full/Installation#What_about_swap_space.3F).
No swap partition and swap file is acceptable (consider SSD)? See above for
btrfs or as root
```bash
fallocate -l 8G /swap
chmod 600 /swap
mkswap /swap
swapon /swap
```
The `/etc/fstab` rule is: `/swap none swap sw 0 0` and then it's
just a matter of `sudo swapon -a`
### sudo
- https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/sudoers.d
Consider these:
```sudoers
# Thanks Tails
Defaults timestamp_timeout=0
Defaults pwfeedback
Defaults lecture = always
```
Additionally Arch Linux should consider either
```sudoers
# Allow full sudo access to the group which is uncommented. The first is
# Debian.
#%sudoers ALL=(ALL:ALL) ALL
# Defaults to passwordless sudo on Debian.
#%wheel ALL=(ALL:ALL) ALL
```
### Debian
Remember to install `apt-transport-tor`!
#### sources.list
The mirror to use is `https://deb.debian.org/debian`.
#### `/etc/apt/preferences.d/whatever`
```apt
# Copied from https://www.wireguard.com/install/ (2020-01-11)
# Default priority appears to be 500, so 90 results to unstable being
# used when the package is not available anywhere else
Package: *
Pin: release a=unstable
Pin-Priority: 90
Package: *
Pin: release a=unstable-debug
Pin-Priority: 90
```
### sshd
If nothing else, **_please_** at least
```
# ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_ed25519_key
LogLevel VERBOSE
PermitRootLogin prohibit-password
PasswordAuthentication no
AuthenticationMethods publickey
```
### Encrypted DNS
- https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/systemd/resolved.conf.d
- https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/unbound/unbound.conf.d
### `/etc/xdg/autostart`
Not having terminal autostarting for all users is pain.
- https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/xdg/autostart/kgx-tmux.desktop
```desktop
[Desktop Entry]
Terminal=true
Exec=kgx --command="bash --norc -c tmux"
Name=Tmux in Console
Icon=org.gnome.Console
```
### `aminda-*.{service,socket]`
They workaround either me or the distribution messing things up. While at it,
don't forget `/etc/sysctl.d`
- https://codeberg.org/Aminda/shell-things/src/branch/cxefa/etc/systemd/system
## Remember!
Not quite configuration, but I am not going to start inventing a new place for
it.
### Accessing UEFI setup without key smashing
- systemd: there is a `systemctl reboot --firmware-setup`
([spotted here](https://toot.io/@ProfessorCode@fosstodon.org/113009727720521254))
- Plasma: in `systemsettings` section `desktop session` there is a checkbox to
_after next boot, enter UEFI settings_ (via
[reply to that](https://sauna.social/@justin@toot.io/113011195378808998))
- Windows allows access to UEFI by pressing Shift while reboot
([said here](https://sauna.social/@halva@wetdry.world/113011439141055477)) or
simply `shutdown -r -t 1 -fw` twice
([said here](https://infosec.exchange/@jernej__s/113012094181641667)).
- GNOME: in the reboot after 60 seconds menu, hold alt to get into boot options
([said here](https://chaos.social/@keywan/113012020348714057))
- In boot loader the command `fwsetup` should take you there
([said here](https://fedi.absturztau.be/notice/AlGqYz5GeJOQw9dfNo)). And
anyone using either grub or systemd-bootd has probably seen the menu entry.
- efibootmgr: `efibootmgr —bootnext 0000 && reboot`
([said or implied here](https://infosec.exchange/@dodgybadger/113012265751917509))
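Review bot: In the second sudoers block under `### sudo`, the comments and the group lines do not line up: "The first is Debian" sits above `#%sudoers ALL=(ALL:ALL) ALL`, whereas Debian's stock sudoers file grants the `sudo` group, and "Defaults to passwordless sudo on Debian" sits directly above the `#%wheel` line although neither line carries `NOPASSWD`. The lead-in "Arch Linux should consider either" also never says which line to uncomment, so name the group per distribution and drop or correct the passwordless remark. In the sshd block, `PermitRootLogin prohibit-password` still allows root to log in with a key, so it is worth stating next to `AuthenticationMethods publickey` whether that is intended; the fence there also lacks the language tag the other blocks have. In the moved UEFI list, the `efibootmgr` entry has a long dash in front of `bootnext` where `--bootnext` is needed for the command to parse when copied.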